package cn.tedu.spring.security.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfig  extends WebSecurityConfigurerAdapter {
    /**
     * 配置web安全，绕过Spring Security的过滤器链
     */
    @Override public void configure(WebSecurity web) throws Exception {
        web.ignoring().mvcMatchers("/actuator/**");
    }

    /**
     * 主要是添加过滤器链的规则
     */
    @Override protected void configure(HttpSecurity http) throws Exception {
        http.cors();
        http.authorizeRequests()
            .mvcMatchers("/register.html").permitAll()
            .mvcMatchers("/user/**").hasRole("ADMIN")
            .anyRequest().authenticated()
        .and().formLogin();
    }
}
